add news item for git-annex 6.20170228
This commit is contained in:
Joey Hess
parent
444278156c
commit
739aa3a38e
2 changed files with 67 additions and 17 deletions
|
|
@ -1,17 +0,0 @@
|
|||
git-annex 6.20161118 released with [[!toggle text="these changes"]]
|
||||
[[!toggleable text="""
|
||||
* git-annex.cabal: Loosen bounds on persistent to allow 2.5, which
|
||||
on Debian has been patched to work with esqueleto.
|
||||
This may break cabal's resolver on non-Debian systems;
|
||||
if so, either use stack to build, or run cabal with
|
||||
--constraint='persistent ==2.2.4.1'
|
||||
Hopefully this mess with esqueleto will be resolved soon.
|
||||
* sync: Pass --allow-unrelated-histories to git merge when used with git
|
||||
git 2.9.0 or newer. This makes merging a remote into a freshly created
|
||||
direct mode repository work the same as it works in indirect mode.
|
||||
* Avoid backtraces on expected failures when built with ghc 8;
|
||||
only use backtraces for unexpected errors.
|
||||
* fsck --all --from was checking the existence and content of files
|
||||
in the local repository, rather than on the special remote. Oops.
|
||||
* Linux arm standalone: Build with a 32kb page size, which is needed
|
||||
on several ARM NAS devices, including Drobo 5N, and WD NAS."""]]
|
||||
67
doc/news/version_6.20170228.mdwn
Normal file
67
doc/news/version_6.20170228.mdwn
Normal file
|
|
@ -0,0 +1,67 @@
|
|||
News for git-annex 6.20170228:
|
||||
|
||||
This version of git-annex has mitigations for SHA1 hash collision
|
||||
problems.
|
||||
A new annex.securehashesonly configuration, when used in combination with
|
||||
signed git commits, avoids potential hash collision problems in git-annex
|
||||
repositories. For details, see this web page:
|
||||
<https://git-annex.branchable.com/tips/using\_signed\_git\_commits/>
|
||||
|
||||
git-annex 6.20170228 released with [[!toggle text="these changes"]]
|
||||
[[!toggleable text="""
|
||||
* Cryptographically secure hashes can be forced to be used in a
|
||||
repository, by setting annex.securehashesonly.
|
||||
This does not prevent the git repository from containing links
|
||||
to insecure hashes, but it does prevent the content of such files
|
||||
from being added to .git/annex/objects by any method.
|
||||
* Tighten key parser to prevent SHA1 collision attacks generating
|
||||
two keys that have the same SHA1. (Only done for keys that contain
|
||||
a hash). This ensures that signed git commits of annexed files
|
||||
will remain secure, as long as git-annex is using a secure hashing
|
||||
backend.
|
||||
* fsck: Warn about any files whose content is present, that don't
|
||||
use secure hashes, when annex.securehashesonly is set.
|
||||
* init: When annex.securehashesonly has been set with git-annex config,
|
||||
copy that value to the annex.securehashesonly git config.
|
||||
* Added --securehash option to match files using a secure hash function,
|
||||
and corresponding securehash preferred content expression.
|
||||
* sync, merge: Fail when the current branch has no commits yet, instead
|
||||
of not merging in anything from remotes and appearing to succeed.
|
||||
* Run ssh with -n whenever input is not being piped into it,
|
||||
to avoid it consuming stdin that it shouldn't.
|
||||
This fixes git-annex-checkpresentkey --batch remote,
|
||||
which didn't output results for all keys passed into it. Other
|
||||
git-annex commands that communicate with a remote over ssh may also
|
||||
have been consuming stdin that they shouldn't have, which could have
|
||||
impacted using them in eg, shell scripts.
|
||||
* sync: Improve integration with receive.denyCurrentBranch=updateInstead,
|
||||
displaying error messages from the remote then it fails to update
|
||||
its checked out branch.
|
||||
* Added post-recieve hook, which makes updateInstead work with direct
|
||||
mode and adjusted branches.
|
||||
* init: Set up the post-receive hook.
|
||||
* sync: When syncing with a local repository located on a crippled
|
||||
filesystem, run the post-receive hook there, since it wouldn't get run
|
||||
otherwise. This makes pushing to repos on FAT-formatted removable
|
||||
drives update them when receive.denyCurrentBranch=updateInstead.
|
||||
* config group groupwanted numcopies schedule wanted required:
|
||||
Avoid displaying extraneous messages about repository auto-init,
|
||||
git-annex branch merging, etc, when being used to get information.
|
||||
* adjust: Fix behavior when used in a repository that contains
|
||||
submodules.
|
||||
* Run wget with -nv instead of -q, so it will display HTTP errors.
|
||||
* Run curl with -S, so HTTP errors are displayed, even when
|
||||
it's otherwise silent.
|
||||
* When downloading in --json or --quiet mode, use curl in preference
|
||||
to wget, since curl is able to display only errors to stderr, unlike
|
||||
wget.
|
||||
* status: Pass --ignore-submodules=when option on to git status.
|
||||
* config --set: As well as setting value in git-annex branch,
|
||||
set local gitconfig. This is needed especially for
|
||||
annex.securehashesonly, which is read only from local gitconfig and not
|
||||
the git-annex branch.
|
||||
* Removed support for building with the old cryptohash library.
|
||||
Building with that library made git-annex not support SHA3; it's time
|
||||
for that to always be supported in case SHA2 dominoes.
|
||||
* git-annex.cabal: Make crypto-api a dependency even when built w/o
|
||||
webapp and test suite."""]]
|
||||
Loading…
Add table
Add a link
Reference in a new issue